Computer Security


Huawei SmartAX MT880 unauthorized access
Published: 09.08.2009
SecurityVulns ID: 10132
Type: remote
Threat Level: 5/10
Description: Some administration functions, including administrative account creation, are available without a password.
Affected: HUAWEI : Huawei MT880
Original document: Jerome ATHIAS, Multiple Flaws in Huawei SmartAX MT880 [was: Multiple Flaws in Huawei D100] (09.08.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 09.08.2009
SecurityVulns ID: 10130
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: DISCLOSER : Discloser 0.0
 XAMPP : XAMPP 1.6
 PHPMYADMIN : phpMyAdmin 3.2
 WORDPRESS : Dumb math captcha 1.0
 OPENCMS : OpenCMS 7.5
 SLIDESHOWPRO : SlideShowPro Director 1.3
 CSCART : CS-Cart 2.0
CVE: CVE-2009-2579 (SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.)
 CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.)
Original documents: Salvatore "drosophila" Fresta, Discloser 0.0.4-rc2 SQL Injection Vulnerability (09.08.2009)
 Bonsai - Information Security, [BONSAI] SQL Injection in CS-Cart (09.08.2009)
 MANDRIVA, [ MDVSA-2009:192 ] phpmyadmin (09.08.2009)
 Scott Miles, [CSS09-01] SlideShowPro Director File Disclosure Vulnerability (09.08.2009)
 katie.french_(at)_cgifederal.com, OpenCms (7.5.0) - Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error (09.08.2009)
 MustLive, CSRF, SQL Injection and Full path disclosure vulnerabilities in XAMPP (09.08.2009)
 MustLive, Vulnerabilities in Dumb math captcha for WordPress (09.08.2009)

Wireshark multiple security vulnerabilities
Published: 09.08.2009
SecurityVulns ID: 10131
Type: remote
Threat Level: 5/10
Description: Vulnerabilities in the RADIUS, AFS and Infiniband protocol dissectors.
Affected: WIRESHARK : Wireshark 1.0
CVE: CVE-2009-2563 (Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.)
 CVE-2009-2562 (Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.)
 CVE-2009-2560 (Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (crash) via unspecified vectors in the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissectors.)
Original document: MANDRAKE, [ MDVSA-2009:194 ] wireshark (09.08.2009)

Palm Pre unauthorized access
Updated since 09.08.2009
Published: 06.10.2009
SecurityVulns ID: 10133
Type: remote
Threat Level: 6/10
Description: Multiple HTML injection conditions, including e-mail.
Affected: PALM : WebOS 1.0
 PALM : WebOS 1.1
Original documents: palmprehacker_(at)_gmail.com, Palm Pre WebOS <=1.1 Remote File Access Vulnerability (06.10.2009)
 palmprehacker_(at)_gmail.com, Palm Pre WebOS 1.0.4 Remote execution of arbitrary HTML code vulnerability (09.08.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod